Distributed Symmetric Key Establishment: a Scalable Quantum-Safe Key Distribution Protocol

Abstract: Pre-shared keys (PSK) have been widely used in network security. Nonetheless, existing PSK solutions are not scalable. Moreover, whenever a new user joins a network, PSK requires an existing user to get a new key before they are able to communicate with the new user. The key issue is how to distribute the PSK between different users. Here, we solve this problem by proposing a new protocol called Distributed Symmetric Key Establishment (DSKE). DSKE has the advantage of being scalable. Unlike standard public key infrastructure (PKI) which relies on computational assumptions, DSKE provides information-theoretic security in a universally composable security framework. Specifically, we prove the security (correctness and confidentiality) and robustness of this protocol against a computationally unbounded adversary, who additionally may have fully compromised a bounded number of the intermediaries and can eavesdrop on all communication. DSKE also achieves distributed trust through secret sharing. We present several implementations of DSKE in real environments, such as providing client services to link encryptors, network encryptors, and mobile phones, as well as the implementation of intermediaries, called Security Hubs, and associated test data as evidence for its versatility. As DSKE is highly scalable in a network setting with no distance limit, it is expected to be a cost-effective quantum-safe cryptographic solution to the network security threat presented by quantum computers.